Partial Closure of Emergency Rooms at Two Hospitals Due to Ransomware Attack

East Ohio Regional Hospital (EORH) in Martins Ferry, OH and Ohio Valley Medical Center (OVMC) in Wheeling, WV experienced a ransomware attack which forced them to shut down their computer systems. The ransomware began encrypting files on the night of November 23.

The attackers were able to access certain systems, but while they managed to breach the primary security layer they were unable to bypass the second line of defense and gain access to patient health information. Nevertheless, the attack disrupted some healthcare services at the two hospitals.

The hospital was able to treat the walk-in patients in the emergency room; however, the hospitals were not able to admit patients from emergency squads. During the time of the ransomware attack, the hospitals used paper charts to record patient data and emergency squad patients were redirected to other hospitals in the area.

A number of hospital systems were taken offline to ensure the integrity of data and IT teams worked night and day to remove the ransomware, recover files, and restore computer systems. The hospitals did not pay the ransom demand and used backups to restore the affected files after repairing infected systems.

At first it was expected that systems would be restored by Sunday night; but the hospital was still diverting e-squad patients to other hospitals on Monday evening because the IT team was still restoring computer systems.

Until the restoration of essential systems, the emergency rooms will continue to be on yellow diversion. The software used for obtaining radiology and CT scans and sending the information to ER staff was still being repaired on Tuesday. When that system is fixed, EORH/OVMC will come off yellow diversion and will be able to take patients from emergency squads.